Hey all, sorry if this has been asked a million times - but I can’t seem to find a direct answer.
I’m running my Plex on MacOS and I also have Nord VPN (both paid subscriptions). The two seem incompatible with each other - when NordVPN is on, Plex’s Remote Access is turned off.
Any advice/guidance on how to resolve this issue?
Thanks!
You need a VPN feature called split tunneling. A function of split tunneling is to allow traffic to be selectively routed via either the VPN or to bypass it. Unfortunately, as far as I know, NordVPN does not support this on any of their clients, with the exception of Android.
With the VPN enabled, are you still able to manually browse to your server using its WAN IP address and remote access port (from outside your network)? If so, you can try using a custom server access URL to advertise your WAN IP address to Plex for remote access to attempt to bypass the VPN for inbound connections. This support article has more information:
The URL you configure needs to be constructed from a few bits of information:
defaults read com.plexapp.plexmediaserver CertificateUUID
A full URL might look like this:
https://1-1-1-1.abcdef12345678890abcdef.plex.direct:32400
You may need to disable and re-enabled remote access, or restart the server after making this change. Also be aware that you’ll have to manually change this if your public IP changes. For that reason, it may be better to use your own custom domain name and certificate and dynamic DNS (or a static IP).
THANK YOU FOR YOUR HELP!
I got all the way to building my own URL (woo!) – but then I’m not sure where to go from there? Where do I put this URL?
Sorry I’m stupid
It’s in your server settings under: Settings → Network (Show Advanced)
Nah, I wasn’t completely clear in my post.
Thank you for your help!
Also one more question, where do you put the WAN IP address in the new url? In your example I don’t see the WAN address (with dashes) anywhere… again I may have missed it.
In my example, it’s the “1-1-1-1” part of:
https://1-1-1-1.abcdef12345678890abcdef.plex.direct:32400
Just take your WAN IP and replace the periods with hyphens.
And again, make sure to replace 32400 with whatever port you’re using for remote access. This will come from the Settings -> Remote Access; check the box to manually specify a port (if you haven’t already) and use the value from that box.
Did you see @pshanew’s very first question?
That’s an important prerequisite. Just checking so you don’t fight with step 7b if it’s not going to work. 
Hey there! Sorry for my late reply - I realized that I had to do some brushing up on static IP addresses before I do more troubleshooting on this. Thanks for your patience. 
The good news - I was able to access the WAN IP address while on VPN (outside of my network).
The good news - I was able to set up a static IP address via my router. Plex seems to like this.
The good news - I was able to set up a manual port (32401) that points to my static IP, and Plex seems to be happy with this. Wee (See attached image)
The not-so-good news: Once I set up the custom server URL, it works for like… 30 seconds to a minute and then switches back red:
Not sure what happens there? Any ideas?
(Also you guys rock, thank you for helping)
That might be OK. I’m not confident that the Remote Access status test can be trusted when overriding things like this.
If you were able to access the server remotely, at this point you should also be able to access it using the custom server URL. Does that work?
Try a remote client!
Ahhh I see what you mean, the “Not available outside of your network” was throwing me off.
So good news! When I hop on the VPN, the Plex Server works – it’s a tad slower but not by much. Must be my VPN.
Ahh, this is great. Thanks for your help! I’ll mark your answers as solved.
Yay! Give @pshanew the credit.
I sorta wonder if traffic is slower because it’s taking an asymmetric path. If it works, it’s not a problem. It’s just a limitation of a VPN client that doesn’t support split tunneling.
Packets from Clients to the PMS go direct: Over the Internet, through the router, to the PMS.
Packets from the PMS to Clients: Out the VPN.
You might be able to confirm that by watching VPN activity statistics while a remote client plays a video.
Glad you got it working. It’s weird that so few VPN providers support split tunneling. I’m not sure what the rationale is there; perhaps they’re concerned by the possibility of being blamed for a misconfiguration and unwanted traffic bypassing the tunnel.
It’s all about setup, if the user is not savvy enough with application or IP exceptions then a risk can be introduced. This is more focused to company computers with home users. So the security is on the users knowledge.
For me I believe the future is WireGuard and Split Tunneling. There is a handful of VPN providers offering these in tandem. Pick carefully with Server Locations opportunities or the need for Geo Restriction servers. With WireGuard I have experienced along with friends next to nil speed loss and amazing latency.
Most providers offer free trials, If they don’t give them the flick is in order. Research is important and the correct setup for your needs.
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.
